As the holiday shopping season ramps up, savvy online shoppers must be prepared to protect themselves from the many, many individuals out there who want to steal their vital financial information through scam emails.
Phishing, one of the most common types of online theft, is effective mainly because it relies on victims handing over their data directly. That’s different from “hacking” into an account, or any of the other sorts of cyber-theft popularized in fiction, which usually involve unsavory-looking individuals hunkered over a bank of glowing computer screens in a dimly-lit room.
Phishing works like this: you are sent an email, usually disguised to look like it’s from a source you’d expect to trust, such as Amazon, PayPal, or even your bank. The email asks you to click on a link to update your account information or something like that, but the link WON’T lead to the actual destination. It’ll lead to a site where the data thieves will collect your information. Sometimes, they’ll even have a link on the Phishing page that passes you along to the genuine page, just to keep their deception in effect.
So how do you protect yourself?
1. Banks and big companies don’t request or send sensitive information by email. It’s the same rule as with telephone calls: they only ask for your sensitive information when you’re the one contacting them.
2. Take the long way around: If you get an email from a company saying that they’re having trouble processing your order and won’t be able to ship unless you follow their link and fill out the information there, don’t go through the link. In another browser window, log in to your account with that company and check the order status that way. If the email is a Phishing scam, you’ll find there’s nothing out of the ordinary.
3. Check the URL: Any time you click on a link, check where it’s actually sent you before you input anything. What a link looks like and where it sends you are not always the same thing.
4. How did they address you? If it’s a genuine email from Amazon or some other company you have an account with, they have your name on file. Companies use their customers’ names in emails not only as a way to make you feel comfortable in dealing with them, but also as a security measure. If it’s addressed only “Dear Sir/Madam,” or “Dear (your email address here)” that’s a good indicator it’s fake.
5. Watch out for embedded forms! Sometimes the email has a form embedded in it instead of a link. Don’t trust that any more than you would the link!
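Tips 3 and 5 can be checked automatically on a saved HTML email. The script below is an added example, not part of the original post: it flags links whose visible text names a different host than the one the link really points to, and any embedded form. The names `LinkAudit`, `audit` and `same_site` are hypothetical, and the sample message is constructed with reserved example domains.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# A host name written out in the visible link text, with or without a scheme.
DOMAIN_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def same_site(shown, actual):
    # Equal hosts, or the real host is a subdomain of the one displayed.
    shown, actual = (re.sub(r"^www\.", "", h) for h in (shown, actual))
    return actual == shown or actual.endswith("." + shown)

class LinkAudit(HTMLParser):
    """Flags links whose text names another host than the href, and any form."""
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._href, self._text = attrs["href"], []
        elif tag == "form":
            self.findings.append(("embedded-form", attrs.get("action") or ""))

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        shown = DOMAIN_RE.search("".join(self._text))
        actual = (urlsplit(self._href).hostname or "").lower()
        if shown and not same_site(shown.group(1).lower(), actual):
            self.findings.append(("link-mismatch", shown.group(1).lower(), actual))
        self._href = None

def audit(html):
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample message; every host is a reserved example domain.
SAMPLE_EMAIL = """
<a href="http://shop.example.com.account-update.example.net/login">https://shop.example.com/orders</a>
<a href="https://www.example.org/help">www.example.org</a>
<form action="http://collect.example.net/submit"><input name="card"></form>
"""
```

The check only catches links whose text spells out a host name; a link labelled “Update your account” still has to be verified by taking the long way around from tip 2.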
Some of this may seem like common sense, but Phishing scammers these days are getting smarter and smarter. The pages their links send you to may look practically identical to the account pages you’re used to dealing with on some of your favorite websites. They hope to catch you when you’re not paying close attention.
At OPAS, we want to do everything we can to ensure our members have a safe online shopping experience.
Here’s a link to a recent post from AARP (the American Association of Retired People) that highlights the idea of the Phishing link sending you to a page that is expertly disguised to look like another page:
The example they use is an actual Phishing scam that’s been circulated in the UK and Australia; since OPAS has many members in both of these countries, we wanted to be sure to include this in our post.
Here’s another good resource from online security company Norton: https://us.norton.com/7-tips-to-protect-against-phishing/article
Have a great (and SAFE) holiday shopping season!